Why does it matter

Today everyone is using mobile devices such as smartphones, tablets or laptops to store and access information. Taking these devices with you while traveling, regardless if you are on holidays or on a business trip requires precautions to make sure that your data is not compromised. The following sections give you some best practices to reduce the risk while traveling. Not everything is applicable to all devices.

Before you leave

Take only the data you need. Look through the data on your device and delete what you don’t need. What you don’t have stored on your device cannot be accessed and stays securely at home.

Secure your device. Make sure that all the latest updates are installed. Not only for the device itself but also for all applications you have on it. Double check that the firewall on laptops is up and running. Verify that your device is protected by a password or pin code so that only you can access it and that the usage of the password is required after start-up, standby or screen saver activation. If feasible use encryption to protect individual sensitive information and/or encrypt the device itself. Don’t forget to note down the encryption/recovery key and keep it at home in a safe location. If you are using a USB device to bring data with you it also should be secured!

Make sure that you have a backup. Protect yourself from losing data by making sure that you have a backup. In this case, if the device is lost or damaged during your trip you will be able to recover your data.

On the road

Keep it safe! Keep your device with you or in a secure location (e.g. the safe in your hotel room) to reduce the risk that someone is tempering with it. Just leaving it in your room is not enough! If you are not in front of it, make sure that the access to the device is blocked by locking the screen. Protect the information on the screen from people sitting or standing close to you.

Be sensitive about WIFI networks. Public hotspots and the hotel WIFI network are not a safe place (a nice summary about this can be found an article of the “International Business Time“
http://www.ibtimes.co.uk/why-hotel-wifi-connections-are-hackers-dream-come-true-explained-1639101
). You share these with many other people and you cannot know the intentions of the network provider. Only connect to WIFI networks provided by parties you know and trust. Try to use encrypted connections as much as possible (https, VPN) and avoid transmitting sensitive information as much as possible. In doubt use the connection of your mobile phone to deal with critical, unencrypted information. If you don’t need it, disable the WIFI and Bluetooth functionality of your device. The easiest way to do this is to enter the “flight mode”.

Use a non-privileged account. Use an account which does not have Administrator access. In this case, even if the account is compromised it is more difficult to do more harm.

Avoid using shared computers. The usage of public computers the hotel lobby or an internet café might be convenient but it is also very risky. You don’t know if any malicious software is running on it. It is fine to access information which is available without authentication but you should not enter usernames, passwords or any sensitive information. Don’t use it to access or work on any internal or confidential documents. Do not connect any of your USB based storage devices (USB sticks, cameras, storage cards, etc) to it. They might get infected. If you did use such a device to surf on the internet enable the privacy mode in the browser (preferred) or delete all browsing and session information once you are done.